supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
MCP server security for AI coding agents
A critical RCE in Anthropic's own MCP Inspector (CVSS 9.4) and two Cursor CVEs show that giving AI agents tool access creates a new, largely unvetted attack surface.
The npm worm incident response playbook
Shai-Hulud compromised 500+ npm packages by auto-publishing itself with stolen tokens. Here's a concrete detection, rotation, and pinning playbook.
The 4 dimensions of open-source dependency risk
Open-source risk isn't one problem — CVEs, malware, license exposure, and abandonment each fail differently, and Sonatype logged 454,600+ malicious packages in 2025 alone.
SBOM-based blast radius analysis for vulnerable dependencies
An SBOM tells you what's inside one artifact. It takes a dependency graph across every service to know what breaks first when a library gets a CVE.
Auditing AI agent skill registries for hardcoded keys
29M new hardcoded secrets hit public GitHub in 2025, up 34% YoY — and 3% of MCP servers in production carry hardcoded credentials as theft traps.
Signing and provenance standards for AI agent skill registries
Shai-Hulud infected 500+ npm packages via stolen tokens in 2025. Agent skill registries are repeating the same unsigned-artifact mistake — here's the fix.
Reconstructing the tj-actions/changed-files compromise
CVE-2025-30066 hit CISA's KEV list within 3 days: 23,000+ repos ran a poisoned GitHub Action that dumped CI secrets straight into public build logs.
Verifying open source package provenance with SLSA and Sigstore
A maintainer account takeover hid a backdoor in xz-utils for years. SLSA provenance and Sigstore signing are how you catch the next one before it ships.
Python Dependency Scanning: A Practical Guide
Your code is a small fraction of what ships. This is how to inventory, scan, and continuously monitor the Python dependency tree that makes up the rest.
AI Agents and Supply Chain Security FAQ: 2026 Answers
Answers on where AI agents meet software supply chain security — the dependencies agents pull in, hallucinated packages, MCP servers as components, AIBOMs, and how Safeguard keeps the agentic supply chain governed.
The Best Software Supply Chain Security Platforms in 2026
Supply-chain security has grown from SCA into a platform category spanning SBOMs, build integrity, and malicious-package defense. This balanced guide compares Snyk, Sonatype, Chainguard, Endor Labs, Socket, and Safeguard.
Cloud-Native Supply Chain Security: From Source to Runtime
A stage-by-stage guide to securing the cloud-native software supply chain — source, dependencies, build, artifacts, and deploy — using SBOMs, SLSA provenance, signing, and admission policy.